Dealing with the ‘new normal’ in security

Blogs by author: David Canellos, SVP Service Provider, MSP and Strategic Partners, Symantec.

BT customers are set to benefit from enhanced cloud security and simplified network administration, following its partnership with Symantec.

The new security perimeter.

Regardless of whether you’re employed within the IT industry, or a customer of it, you’ll be well aware of the massive digital disruptions currently underway. Every day, employees use various devices to access all kinds of applications and data, from any location — day or night. And they’re doing so for both professional and personal use.

This 24/7 reality — with the same person constantly and dynamically moving between employee, individual, and community personas throughout the day — is the ‘new normal’ that IT professionals must deal with.

The threats to your traffic.

While the always-on nature of today’s consumer/employee can bring tremendous productivity benefits for enterprises, it also introduces new risks. Traffic flowing freely over a diverse set of devices, networks and apps dramatically increases the attack surface for hackers and cyber criminals.

In many ways, the new perimeter for enterprises is defined by whatever devices, apps or networks their data touches. This is a huge challenge for organisations with limited budgets and security teams that are already stretched painfully thin.

What to do? Clearly, an encrypt-everywhere strategy to make data inaccessible to the bad guys is part of the answer. We’re seeing this more and more with over 50 per cent of network traffic now encrypted.

This is also true of the majority of web traffic: with the next-generation HTTP 2.0 protocol, all traffic will require encryption. However, hackers are wise to this trend and have found ways to turn it to their advantage. They’ve found sophisticated ways to hide malware and malicious code in SSL- and TLS-encrypted traffic to successfully penetrate networks and then extract critical data.

Blinded by encryption.

Many threat detection and prevention systems are blinded by encrypted traffic — they cannot block and defend what they cannot see. And even if they have some limited encryption-visibility capabilities, they are wholly inadequate to deal with the current crop of sophisticated multi-phase and multi-stage attacks. These attacks are designed to launch in discrete encrypted packages, reassemble into malicious code once they pass into the network, and then decrypt and find their way back together to begin an attack.

We are also seeing attackers harness the chaotic, always-on nature of digital users. These are people who use their devices for personal and professional purposes, in their alternating daily personas, to access data and apps from all types of networks (corporate, airport wi-fi, LTE, etc.) with varying security layers. This sort of environment is ideal for launching multi-phased and multi-staged attacks that penetrate networks over time, masked within encrypted traffic.

A scalable, learning security platform.

We believe that the solution for this security challenge is an integrated, always-on, encrypted traffic management security service from a global Tier 1 service provider. This managed security service must be built on a cyber-security platform that spans the four essential domains that need to be secured: identity/data, endpoint, network, and application.

This platform must be informed by a global network of real-time threat intelligence that stays ahead of the most advanced cyber criminals. It needs to be able to see into encrypted traffic, and direct anything that appears suspicious to advanced tools for further investigation and remediation. Plus, as a managed service, it needs the horsepower to minimise any performance impacts while the service scales. And all of this has to happen at cloud speed.

A stronger security strategy.

This is the digital transformation journey on which Symantec has partnered with BT. Our joint Hybrid Cloud and SSL Visibility Appliance (VA) service is purpose-built to help organisations of all types and sizes control the web and cloud access of their employees, across all of their regularly interchanging personas.

It can identify sophisticated threats concealed in SSL-encrypted traffic and immediately take steps to block these from causing any harm. Informed by the Symantec Global Intelligence Network, the world’s largest civilian threat intelligence network, it categorises and analyses threats posed by billions of previously unseen websites and customer emails daily.